M/e29dZddlZddlZddlZddlZddlZddlZddlmZddlm Z ddlm Z ddlm Z ddlm Z ddlm Z dd lmZdd lmZddlZddlZddlZdd lmZdd lmZdd lmZddlmZddlmZddlmZddlmZddl m!Z!ddl"m#Z#ddl"m$Z$ejJe&Z'GddZ(GddejRZ*GddejRZ+y)z!Creates ACME accounts for server.N)Any)Callable)cast)Dict)List)Mapping)Optional) serialization)fields)messages)ClientV2) configuration)errors) interfaces)util) constants) filesystem)osc eZdZdZGddej Z ddejdejde dddfd Z e de fd Zde fd Zd edefd Zy)AccountzACME protocol registration. :ivar .RegistrationResource regr: Registration Resource :ivar .JWK key: Authorized Account Key :ivar .Meta: Account metadata :ivar str id: Globally unique account identifier. ceZdZUdZej dZejed<e jdZ e ed<e jddZ e ed<y) Account.MetaaAccount metadata :ivar datetime.datetime creation_dt: Creation date and time (UTC). :ivar str creation_host: FQDN of host, where account has been created. :ivar str register_to_eff: If not None, Certbot will register the provided email during the account registration. .. note:: ``creation_dt`` and ``creation_host`` are useful in cross-machine migration scenarios. creation_dt creation_hostregister_to_effT) omitemptyN)__name__ __module__ __qualname____doc__ acme_fieldsrfc3339rdatetime__annotations__josefieldrstrr;/usr/lib/python3/dist-packages/certbot/_internal/account.pyMetar-sS *=)<)<])K X&&K'TZZ8 s8)tzz*;tLLr)r+Nregrkeymetareturnc ||_||_|b|jtjj t j jdtjdn||_ tj}|j'|jjj)j+t,j.j0t,j2j4|j7|_y#t$r5tjditt t"t$fddi}YwxYw) N)tzr) microsecond)rrrusedforsecurityF)encodingformat)md5)r-r,r+r#nowpytzUTCreplacesocketgetfqdnr.hashlibr6 ValueErrornewrrr'rupdate public_key public_bytesr EncodingPEM PublicFormatSubjectPublicKeyInfo hexdigestid)selfr,r-r.hashers r*__init__zAccount.__init__=s &*\ II ))---:BBqBQ ..* "8<  _[[]F  dhhll--/<<"++// --BB=D ""$ _[[^$wsCx/@CTV[B\*]^F  _s;D;EEcdjtj|jj|jj |j ddS)z3Short account identification string, useful for UI.z {1}@{0} ({2})N)r5 pyrfc3339generater.rrrHrIs r*slugz Account.slug\sL%%i&8&8 II ! !'#$(II$;$;TWWRa[J Jr)cdj|jj|j|j|j S)Nz<{0}({1}, {2}, {3})>)r5 __class__rr,rHr.rPs r*__repr__zAccount.__repr__bs6%,, NN # #TYYD Dr)otherct||jxrO|j|jk(xr4|j|jk(xr|j|jk(SN) isinstancerSr-r,r.)rIrUs r*__eq__zAccount.__eq__fsT5$..1(EII%(*.))uzz*A( UZZ' )r)rW)rrrr r%JSONObjectWithFieldsr+r RegistrationResourceJWKr rKpropertyr'rQrTrboolrYr(r)r*rr#sMt((M"+/%X::%%'%37%>JcJJ D#D)C)D)r)rcheZdZdZd deeeefddfdZde efdZ dede ddfd Z d edefd Z y) AccountMemoryStoragezIn-memory account storage.Ninitial_accountsr/c&|||_yi|_yrW)accounts)rIras r*rKzAccountMemoryStorage.__init__os,<,H( b r)cHt|jjSrW)listrcvaluesrPs r*find_allzAccountMemoryStorage.find_allrsDMM((*++r)accountclientc|j|jvr tjd|j||j|j<y)NzOverwriting account: %s)rHrcloggerdebug)rIrhris r*savezAccountMemoryStorage.saveus7 :: & LL2GJJ ?$+ gjj!r) account_idcf |j|S#t$rtj|wxYwrW)rcKeyErrorrAccountNotFoundrIrns r*loadzAccountMemoryStorage.loadzs6 5==, , 5((4 4 5s0rW)rrrr r rr'rrKrrgr rmrsr(r)r*r`r`lsg$Q$sG|2D)EQQUQ,$w-,,G,X,$, 5s5w5r)r`ceZdZdZdej ddfdZdedefdZdededefd Z e d edefd Z e d edefd Z e d edefd Z dedeefdZdeefdZdedededdfdZdededdfdZdededefdZdedefdZdededdfdZdeddfdZdeddfdZdeddfdZdededdfdZdeddfdZdedeegefdefdZdedefdZded eddfd!Z ded eddfd"Z!ded eddfd#Z"y)$AccountFileStoragezjAccounts file storage. :ivar certbot.configuration.NamespaceConfig config: Client configuration configr/Nc|||_tj|jd|jjyNi)rvrmake_or_verify_dir accounts_dirstrict_permissions)rIrvs r*rKzAccountFileStorage.__init__s+   3 3UDKK>, ' IIl # HH\ ";;CCDTU #\2r)cF|j||}tjj|s|tj vr~tj |}|j ||}|jj|}tj|r|j||||S|j|||Stjd|d t|j|5}t j"j%|j'}dddt|j)|5} t*j,j%| j'} dddt|j/|5} t0j2j%| j'} dddt1  S#1swYxYw#1swYrxYw#1swY.xYw#t4$r} tj6| d} ~ wwxYw)N Account at  does not exist)r}rrisdirrrrrvrrrrrrqopenrr r[ json_loadsreadrr%r\rrr+IOErrorr)rIrnr~rrprev_loaded_accountrz regr_filer,key_filer- metadata_filer.errors r*rz(AccountFileStorage._load_for_server_pathsAA*kZww}}-.i888#,#=#=k#J &*&@&@M]&^##{{GG T ::l+001A;PZ[+*112BKP**((;7G6H)XY Y 4doo&678 RI44?? @PQ Rdnn%567 ;8hh))(--/: ;d))*:;< E ||..}/A/A/CD E tS$'' R R ; ; E E 4,,U3 3 4s`G=6.G$"G=.G%4"G=.G1G=G"G=%G.*G=1G:6G== H HH cN|j||jjSrW)rrvr~rrs r*rszAccountFileStorage.loads))*dkk6M6MNNr)rhric |j|}|j|||j|||j||y#t$r}t j |d}~wwxYw)zCreate a new account. :param Account account: account to create :param ClientV2 client: ACME client associated to the account N)_prepare_create _update_meta _update_regrrrr)rIrhridir_pathrs r*rmzAccountFileStorage.savesd 4}}W-H LL( +   gx 0   gx 0 4,,U3 3 4sAA A-A((A-c |j|}|j||y#t$r}tj|d}~wwxYw)z^Update the registration resource. :param Account account: account to update N)rrrrrrIrhrrs r* update_regrzAccountFileStorage.update_regrF  4}}W-H   gx 0 4,,U3 3 4#& A AA c |j|}|j||y#t$r}tj|d}~wwxYw)zVUpdate the meta resource. :param Account account: account to update N)rrrrrrs r* update_metazAccountFileStorage.update_metarrc|j|}tjj|st j d|d|j ||jjtj|jjs&|j|jjyy)znDelete registration info from disk :param account_id: id of account which should be deleted rrN) rrrrrrq#_delete_account_dir_for_server_pathrvr~rrz$_delete_accounts_dir_for_server_path)rIrnrs r*deletezAccountFileStorage.deletes  11*=ww}}-.((;7G6H)XY Y 00T[[=T=TUzz$++223  5 5dkk6M6M N4r)ctj|j|}|j||}t j |yrW) functoolspartialr}!_delete_links_and_find_target_dirshutilrmtree)rIrnr~ link_funcnonsymlinked_dirs r*rz6AccountFileStorage._delete_account_dir_for_server_path!s:%%d&L&LjY AA+yY &'r)c~|jj}|j||}tj|yrW)rvrrrr)rIr~rrs r*rz7AccountFileStorage._delete_accounts_dir_for_server_path&s1KK<< AA+yY !"r)rc||}i}tjjD] \}}|||< d}|rSd}||vrJ||}||} tjj | rt j| |k(rd}|}| }|rStjj |rLt j|} tj|| }tjj |rL|S)a/Delete symlinks and return the nonsymlinked directory path. :param str server_path: file path based on server :param callable link_func: callable that returns possible links given a server_path :returns: the final, non-symlinked target :rtype: str TF) rritemsrrrrreadlinkr) rIr~rrreused_serverskvpossible_next_linknext_server_path next_dir_pathtargets r*rz4AccountFileStorage._delete_links_and_find_target_dir+s[)..446 "DAq !N1  "" !& n,#1+#> )*: ; 77>>-0Z5H5H5W[c5c)-&"2K,H!ggnnX&((2F IIh HggnnX& r)c|j|j}tj|d|jj |Srx)rrHrryrvr{)rIrhrs r*rzAccountFileStorage._prepareSs:11'**=  0%9W9WXr)rctj|j|dd5}|j|jj dddy#1swYyxYw)Nw)chmod)r safe_openrwriter- json_dumps)rIrhrrs r*rzAccountFileStorage._createXsK ^^DNN84c G 58 NN7;;113 4 5 5 5s *AA$ct|j|d5}tji|jj }|j |jdddy#1swYyxYw)Nr)bodyuri)rrr r[r,rrr)rIrhrrr,s r*rzAccountFileStorage._update_regr\sa $//(+S 1 /Y00LL$$&D OODOO- .  / / /s A A00A9ct|j|d5}|j|jj dddy#1swYyxYw)Nr)rrrr.r)rIrhrrs r*rzAccountFileStorage._update_metacsI $%%h/ 5 ;    7 7 9 : ; ; ;s *AA)#rrrr rNamespaceConfigrKr'rr} classmethodrrrrrrrgrrrrsr rmrrrrrrrrrrrr(r)r*rurusc \}<<\\[C[C[6C6c6VY6;#;#;;BBBB;c;c;;ST']6G$w-G66#6,/6486 3333SW3((#('(8OsOwO 4G 4X 4$ 4 47 4t 4 47 4t 4OOO (c(PS(X\( ### &S&5=seSj5I&NQ&P  C 5w5#5$5/G/s/t/;G;s;t;r)ru),r r#rr=loggingrr;typingrrrrrrr cryptography.hazmat.primitivesr josepyr%rNr8acmer r!r acme.clientr certbotrrrrcertbot._internalrcertbot.compatrr getLoggerrrkrAccountStorager`rur(r)r*rs' 8 & !'%   8 $F)F)R5:445*d;22d;r)